Lucene search
K

4 matches found

The Hacker News
The Hacker News
added 2025/12/03 5:8 p.m.9 views

WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts

A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild. The vulnerability, CVE-2025-8489 CVSS score: 9.8, is a case of privilege escalation that allows unauthenticated attackers to grant themselves administrative...

9.8CVSS6.8AI score0.09142EPSS
Exploits4
Cvelist
Cvelist
added 2025/10/31 6:42 a.m.12 views

CVE-2025-8489 King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor 24.12.92 - 51.1.14 - Unauthenticated Privilege Escalation

The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 to 51.1.14 . This is due to the plugin not properly restricting the roles that users can register with. This makes it...

9.8CVSS0.09142EPSS
Exploits4References3
CVE
CVE
added 2025/10/31 6:42 a.m.74 views

CVE-2025-8489

The CVE-2025-8489 vulnerability affects WordPress plugin King Addons for Elementor (versions 24.12.92–51.1.14). It arises from insufficient restriction of registration roles, allowing unauthenticated users to register as administrator accounts (privilege escalation). Exploitation details in conne...

9.8CVSS6.2AI score0.09142EPSS
In wildExploits4References3
VulnCheck KEV
VulnCheck KEV
added 2025/10/31 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-8489

The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 to 51.1.14 . This is due to the plugin not properly restricting the roles that users can register with. This makes it...

9.8CVSS5.8AI score0.09142EPSS
In wildExploits4References4
Rows per page
Query Builder